L 



ico 



Seat of Trust Process 



Secure Processor 



z 



to 



CPU 
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Persistent Secure Data 






Secure Program 








Seat of Trust 










Process 








r 
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Seat of Trust 






> 


Constant 
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Transient Secure 






Data 








Seat of Trust 








: — w 





/ 



External Source 



E.g. PIN or 
biometric input 



Secure 
method to 
create SoT 
from a 
combination 
of SoT 
Constant and 
data from 
External 
Source. 



a) Kei-secret 
or 

b) Kei-private, Kei-public 



Secure Transfer Protocol (1) 



SPl 



0. Enrol with Kei- 
secret or Kei-public 



1 . Request data by 
Name 



N^me 



3. Compute 
Certificate with Kei- 
secret or Kei-private 



Certificate 



5. Key Exchange, 
giving Ks 



8. deciypt(Data, Ks) 



Data 



Kei-secret or Kei-public 



(out of band) 



Nonce 



Message 1 



Population 
out-of-band 



SP2 



Kei-secret or 
Kei-public 



2. Compute nonce 



4. Validate 
Certificate, with 
Kei-secret or Kei- 
public 



5. Key Exchange, 
giving Ks 

6. Retrieve Data, 
using Name 



7. encrypt(Data, Ks) 




Data(Name) 



pRio/L 



Secure Transfer Protocol (2a 



3£ 

o ^ 
^ o 



SP1 



0. Enrol with Kei- 
secret or Kei-public; 
and 

get Kw-unwrap 



1. Request data by 

Name 
3. Computer 

Certificate 
5. Key Exchange, 

giving Ks 



8. Ke-decrypt = 
unwrap ( decrypt( 
Message2, Ks ), 
Kw-unwrap ) 



10. Decrypt( 
decrypt (Messages, 
Ks ), Ke-decrypt ) 



Data 



SP2 



Out-of-band messages 



Multiple messages 



as before 




Data confidential 
from SP2 



Population 
out-of-band 



4, 



Wrap( 
Ke-decrypt, 
Kw-wrap) = B 
Ke-decrypt 



2. Compute nonce 

4. Verify certificate 

5. Key Exchange, 

giving Ks 



7. 

a) encrypt( wrap( 
Ke-decrypt, Kw- 
wrap ), Ks ) 
or 

,b) encrypt( B, Ks ) 



9. encrypt( 
Encrypted Data, Ks 
) 



6. Retrieve data 




Encrypted 
Data(name) 



Pie- 3 



Secure Transfer Protocol (2b) 



SP1 



0. Enrol with KeC- 
secret or Kei-public; 
and Kec-secret or 
Kei-public 



1 .Request data by 

Name 
3. Computer 

Certificate 
5. Key Exchange, 

giving Ks 



8. 

Kw-unwrap = Kec- 
secret or Kec- 
private; 

Ke-decrypt = 
unwrap ( decrypt( 
Message2, Ks ), 
Kw-unwrap ) 



10. Decrypt( 
decrypt (Message3, 
Ks ), Ke-decrypt ) 




Data 



ei-secret or Kei-public 



Kec-secret or Kei-public 

(out of band) 

Multiple messages 



as before 



Data confidential 
to all but SP1 




Messaged 



SP2 



Message^ 



Population 
out-of-band 



Wrap( 
Ke-decrypt, 
Kw-wrap) = B 

Ke-decrypt 



2. Compute nonce 

4. Verify certificate 

5. Key Exchange, 

giving Ks 



ec-secret 
or 

Kec-p uhlic 



Kw^wrap = Kec- 
secret 

or Kec-public 

a) encrypt( wrap( 
Ke-decrypt, Kw- 
wrap ), Ks ) 

b) encrypt( B, Ks ) 



9. encrypt( 
Encrypted Data, Ks 
) 



6. Retrieve data 



Encrypted 
Data(name) 



Pj<^ A- 



Secure Transfer Protocol (3 a) 



SO 



Repository 
& Provider 



Data Store & 

Encrypted ^ 
Data, indexed 
by Name 




SP2: 

Secure Processor 



Guardian 



Transferer 



6. Guardian receives 
requested Name from 
Transferjand retrieves 
Encrypted Data from 
Data Store 



Encrypted Data 
stored outside of 
the Secure 
^ocessor 



Multiple messages as 
Secure Transfer Protocol 
(2b). 




Secure Transfer Protocol (3b) 



Repository 
& Provider 



SP2: 

Secure Processor 



Data Store 



Guardian 



Transferer 




Data in Data Store is 
protected by Secure 
Processor; 
And may also be 
encrypted. 



User 



Multiple messages as 
Secure Transfer Protocol 
(2a) or (2b). 




SP1: 

Secure Processor 



Secure Transfer Protocol (3c) 



Repository 



Data Store 



SP2: 

Secure Processor 



Guardian 



Provider, 



SPl 

Transferer 
SP2 



Secure Processor 



Separation of 
Repository and 
Provider function, 
allows partitioning and 
scalability. 




Multiple messages as 
Secure Transfer Protocol 
(2a) or (2b). 



SPl: 

Secure Processor 
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Data Set and Policy 



So 



Repository 



Secure Processor ri 



?3 



Data Set 



Data Instance 1 
Data Instance 2 



Policy 



Rule 1 
Rule 2 



(L 



Guardian 



1. Guardian 
securely 
loads Policy 
from 
requested 
Data Set and 
optionally 
verifies 
signature and 
securely 
executes the 
Rules to 
manage Data 
Instances. 



0. Provider requests an 
operation on a Data 
Set. 



Provider 



F*€r 2r 



Region 



Repository 
Region 



Data Sets 



Data Set 1 



Policies 



^3 



Policy 1 



Certificates 



Certificate 1 



SP2: Guardian 



Entities 



Entity 1 



Name 1 

Kei-publ 

[Kec-publ] 



Entity 2 



Kroot-private 



I 0.1 Add to Entities 

I 0.2 Make and store Certificate 1: 

sign( {Name 1, Kei-pub 1, [Kec-pub 1], other data} : 

Kroot-private ) 



Step 0. Enrol Entity 1 
with {Name 1, Kei-publ} and optionally Kec-publ 



Secure Transfer Protocol (4) 

Repository 



Region 



Data Sets 



Data Set 1 



Policies 



Policy 1 



Certificates 



Certificate 1 



SP2: Guardian 



Entities 



Entity 1 



Name 1 

Kei-publ 

[Kec-publ] 



Entity 2 



Kroot-public 



4.1 Check Nlis in Region 

6.1 Check DS1 is in Region, and Certificate 1 vaiid 

6.2 Select and securely execute associated Policies 

6.3 On success, return DS1 



f 



Steps 4. and 6. when retrieving Data 
from Data Set 1 (DS1) for Entity, Name 1 (Nl) 
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Authority Group 



Repository 



Region 



Certificates 



Policies 



Kroot-public 



Data Sets 



Data Set 1 



SP2: Guardian 



no 




Authority Groups 



Authority Group 1 



Policies 



Policy 1 



Auth Group 2 



| 1 Retrieve all Authority Groups that contain Entity 1 (El). 
| 2. Retrieve the Auth Group that gives El the right to 
| retrieve DS 1 and the associated Policy 1 . 
| 3. Confirm ENl's rights, by securely running Policy 1. 
I 4. On success, return Data from DS1. 



f 



Request on behalf of Entity 1, 
e.g. retrieving Data from Data Set 1 (DS1). 



Pie- K 



Region Authority Group 



Repository 



Region 




Data Sets 



Data Set 1 



Certificates 



Cert 1 



Guardian 



Authority Groups 



Region Auth Grp 



Kgi-private 



Policies 



Auth Group 1 



Entities... 



Secure operations, defined by Reg Auth Grp's Policies: 

• Create and delete Data Set in Region 

• Create and change Regional Policy, signed by Kgi- 
private; delete Policy. 

• Associate with Data Set, Authority Group or Entity. 

• Create Authority Group and enrol Entity into it, making 
Certificate, signed by Kgi-private. 



f 



Request for secure operation. 



Revoking Entity in Region 



Repository 



I'M 



± 



Region 



Since Cert 1 exists 
only in one Region 
and only the 
Guardian (which is 
secure) issues Cert 
1 to relying parties, 
revocation has no 



\time lag. 




Authority Groups 



Region Auth Grp 



Auth Group 1 



Entities 
Entity 1 



Guardian 



Secure revocation by running Policy: 

1 . Remove Entity 1 from Authority Group and Region. 

2. Remove associated Certificate and Kei-public key, 
Cert 1. 



T 

Request to revoke Entity 1 . 
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Group Confidentiality 



Repository 



M-3 



Region 



Data Sets 



Population 
out-of-band 




Data Set 1 



Group 

Encrypted 

Data 

Instance 1 



Data 

confidential 
from all but 
Entities in 
Auth Grp 1 



Certificates 



Cert 1 



SP2: Guardian 



Authority Groups 



Authority Group 1 



Entities 



Entity 1 



a) Kgc-secretl 

or 

b) Kgc-privl 



Auth Group 2 



7. Construct Message 2 with Kw_wrap = Kec-secret 

or Kec-public, retrieved from Entity l's Certificate, Cert 1, 

and Ke-decrypt = Kgc-secretl or Kgc-privl . 

9. Construct Message 3, by retrieving Group Encrypted Data 

Instance 1 , from Data Set 1 . 



f 



Request to retrieve Group Encrypted Data from Data Set 1 , 



